SIERRA ONCOLOGY PRIVACY NOTICE

Last updated: March 10, 2021

In the regular course of business, Sierra Oncology, Inc., including its wholly owned Affiliates and successors (together referred to as “Sierra Oncology”, “we”, “our”, “us”) interacts and communicates directly with health care professionals, clinical trial participants, partners, regulatory authorities, and others. Through these interactions and communications, Personal Information may be provided to Sierra Oncology and processed electronically and/or manually. Sierra Oncology respects individual privacy and values the confidence of such individuals. This Privacy Notice sets forth Sierra Oncology’s privacy principles with respect to Personal Information, including the privacy procedures and technical security measures Sierra Oncology follows in its normal course of business to keep Personal Information private and secure.

Sierra Oncology’s US parent entity, Sierra Oncology, Inc, participates in both the EU – U.S. Privacy Shield and U.S. – Swiss Privacy Shield Frameworks. Sierra Oncology, Inc. commits to comply with the EU – U.S. Privacy Shield and U.S. – Swiss Privacy Shield Principles (“Principles”) for all Personal Information received from the EU or Switzerland which was provided in reliance on Privacy Shield. For purposes of Privacy Shield compliance enforcement, Sierra Oncology, Inc is subject to the investigatory and enforcement powers of the United States Federal Trade Commission (FTC).
For more information about the Privacy Shield generally and to view our certification online, please visit https://www.privacyshield.gov.

If there is any conflict between the terms of this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

 

What does Sierra Oncology do?

Sierra Oncology is a clinical stage drug development company advancing targeted therapeutics for the treatment of patients with unmet medical needs in hematology and oncology. We are oriented towards achieving the successful registration and commercialization of our product candidates. We have a highly experienced management team with a proven track record of success in drug development and we are advancing an emerging pipeline of targeted therapies in hematology and the DNA Damage Response (DDR) Network.

 

Scope

This Privacy Notice applies to Personal Information received by Sierra Oncology (including Personal Information received by third-party organizations or individuals acting as Service Providers of Sierra Oncology) in relation to: (i) visitors to the Sierra Oncology Website (as defined below); (ii) individuals who request information or register with us and/or request services;  (iii) partners (such as service provider personnel or business contacts); and (iv) where not provided for separately, health care professionals associated with one of our clinical trials. Types of third-party organizations include Sierra Oncology Affiliates and partners, a current list of which is available upon request.

Where you participate in one of our clinical trials the processing of your Personal Information will be subject to a separate privacy notice. Please contact your clinical trial doctor or our DPO at DPO@sierraoncology.com if you require further information or a copy of this separate privacy notice.

 

Definitions

For the purposes of this Privacy Notice, the following definitions shall apply:

  • “Affiliate” means any third party which is under common control with Sierra Oncology.
  • “Service Provider” means any consultants, contractors (including temporary employees), agents, and/or third-party vendors that process Personal Information on behalf of Sierra Oncology.
  • “Sierra Oncology Website(s)” or “Website” or “Site” means websites controlled by Sierra Oncology, including, but not limited to https://www.sierraoncology.com.
  • “Personal Information” means any information or set of information that relates to a data subject. Identification of an individual can be either direct or indirect and can be made by or on behalf of Sierra Oncology.
  • “Pseudonymization” means the processing of Personal Information in such a manner that such information can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the Personal Information is not attributed to a data subject.
  • “Principles” means the EU – U.S. Privacy Shield and U.S. – Swiss Privacy Shield Principles.
  • “Sensitive Personal Information (SPI)” means a Sierra Oncology-defined subset of Personal Information (similar to the EU-defined Special Categories of Personal Data, with additional attributes), SPI includes information revealing unique government identifiers, financial information, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, sex life or sexual orientation, or any criminal offenses (alleged or otherwise).

 

Notice

The collection, processing, storage, use, and disclosure of Personal Information in the business context is essential to the conduct of many of Sierra Oncology’s business functions. Sierra Oncology may collect, process, store, use, and disclose Personal Information from individuals directly and/or from third parties, subject to applicable law.

 

What data we collect and why?

When interacting with Sierra Oncology, you may choose to provide us with information to help us serve your needs. The Personal Information that we collect will depend on how you choose to interact with Sierra Oncology.

Sierra Oncology collects, uses and discloses your Personal Information to operate its business, including for the following purposes:

  • Establishing and maintaining communications with you;
  • Where you have requested participation in a clinical trial with Sierra Oncology or one of Sierra Oncology’s partners;
  • Where you have requested a service from Sierra Oncology, assisting you in the completion of your application, the assessment of your eligibility for any such requested service, the processing and maintenance of the service, as well as any applicable renewal of such service;
  • Responding to your inquiries about applications, trials and other services;
  • Making proposals for future service needs;
  • Processing transactions through service providers;
  • Pursuing our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;
  • Meeting legal, security, processing, and regulatory requirements;
  • Protecting against fraud, suspicious or other illegal activities;
  • Enforcing our agreements and policies;
  • Auditing relating to interactions, transactions, and other compliance activities; and
  • Compiling statistics for analysis of our sites and our business.

Sierra Oncology may consolidate or aggregate Personal Information in a non-identifiable form (de-identified/Pseudonymized data) to help Sierra Oncology improve product design and services, to enhance Sierra Oncology’s research activities, and to facilitate other business functions.

Sierra Oncology may use Personal Information for other purposes that are clearly disclosed to you at the time you provide Personal Information or with your consent.

 

Where you request information about our services

If you request information about our services, we may ask you to submit your contact details (such as your name, e-mail address, the name of your organization, and the country in which you are based) so we may send you the material you have requested, and where appropriate, to enable us to identify whether you have an existing relationship with Sierra Oncology.

Where you register with us and/or request services

If you request a service from us, we may ask you to submit your contact details (such as your name, e-mail address, country, telephone number) and the reason for your communication; as well as information about your position, organization, and such other information as is reasonably necessary so that we can provide you with the service. This information can include information you provide on applications or other forms, which may include your name, address, email address, and payment information.

 

When you use our Website

The Personal Information that we may collect about you broadly falls into the following categories:

Information that you provide voluntarily
Certain parts of our Website may ask you to provide Personal Information voluntarily: for example, we may ask you to provide your contact details to submit enquiries to us. The Personal Information that you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your Personal Information.

Information that we collect automatically
When you visit our Website, we may collect certain information automatically from your device. In some countries, including the United Kingdom and countries in the European Economic Area, this information may be considered Personal Information under applicable data protection laws.

Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.
Collecting this information enables us to better understand the visitors who come to our Website, where they come from, and what content on our Website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our Website to our visitors.

Some of this information may be collected using cookies and similar tracking technology, as explained in our Cookie Notice.

 

Additional information

Individuals should not provide Sierra Oncology with any Personal Information that is not specifically requested. Where Sierra Oncology receives Personal Information from its Affiliates, or other entities, it will use or disclose such Personal Information in accordance with the above procedures.

 

Legal basis for processing Personal Information

Sierra Oncology’s legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it. However, we will normally collect Personal Information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.  In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). 

Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contact Information” heading below.

 

Disclosure of information to others

We do not disclose any Personal Information about you to any third parties except as stated in this Privacy Notice or as notified to you, or as otherwise permitted by law, or authorized by you.

Generally
Third parties to whom we disclose information are required by law and contractual undertakings to keep your Personal Information confidential and secure; and to use and disclose it for purposes that a reasonable person would consider appropriate in the circumstances, in compliance with all applicable legislation, which purposes are as follows:

  • To provide the products and services you have requested from us;
  • To notify you, or allow our affiliated companies to notify you of certain products or services offered by our affiliated companies;
  • For legal, regulatory, and related purposes; and
  • To process transactions through data processing service providers.

If these third parties wish to use your Personal Information for any other purpose, they will have a legal obligation to notify you of this and, where required, to obtain your consent. Contact us at: DPO@sierraoncology.com for more information on these third parties.

Affiliate Sharing
In the normal course of performing services for our clients, Personal Information may be shared within Sierra Oncology and its Affiliates for research and statistical purposes, drug safety and efficacy purposes, system administration and crime prevention or detection, or any purpose otherwise identified in this Privacy Notice.

Service Providers
Because a number of the Service Providers we use in pursuance of the purposes mentioned above are located in countries other than your own, your Personal Information will be processed and stored inside the countries where our Service Providers are located. Your Personal Information may be accessible to law enforcement or other authorities pursuant to a lawful request under local laws.

However, we have taken appropriate safeguards to require that your Personal Information will remain protected in accordance with this Privacy Notice.

Business Transactions
As we continue to develop our business, we might sell or buy assets. In such transactions, user information, including Personal Information, generally is one of the transferred business assets. In addition, if either Sierra Oncology itself or substantially all of Sierra Oncology assets were acquired, your Personal Information may be one of the transferred assets. Therefore, we may disclose and/or transfer your Personal Information to a third-party in these circumstances.

Other Legally Required Disclosures
Sierra Oncology reserves the right to disclose without your prior permission any Personal Information about you or your use of this Site if Sierra Oncology has a good faith belief that such action is necessary to: (a) protect and defend the rights, property or safety of Sierra Oncology, employees, other users of this Site, or the public; (b) enforce our agreements ; (c) as required by a legally valid request from a competent public authority including to meet national security or law enforcement requirements and/or to comply with a judicial proceeding, court order, or legal process; or (d) respond to claims that any content violates the rights of third parties. We may also disclose Personal Information as we deem necessary to satisfy any applicable law, regulation, legal process, or governmental request.

 

Choice

Where Sierra Oncology relies on consent for the fair and lawful processing of Personal Information, the opportunity to consent will be provided prior to when the Personal Information in question is collected. Your consent may be given through your authorized representative such as a legal guardian, agent, or holder of a power of attorney. Where Sierra Oncology relies on consent, you will be entitled to withdraw that consent at any time.

For SPI, Sierra Oncology will provide individuals the opportunity to affirmatively and explicitly authorize or consent to the collection, processing, transfer, or disclosure of their SPI to a non-Agent third party or the use of their SPI for a purpose other than the one for which the individual originally consented.

Sierra Oncology will not disclose your Personal Information to third parties except as otherwise stated in this Privacy Notice or otherwise notified to you.

Email and Telephone Communications
If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain non-promotional communications regarding us and our services, and you will not be able to opt out of those communications (e.g., communications regarding our services or updates to our Terms or this Privacy Notice).

“Do Not Track”
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.

 

International Transfers

Sierra Oncology maintains servers and other storage facilities in the United States and Canada. Sierra Oncology may transfer Personal Information outside of its country of origin for the purposes, and in the manner, set out above; including for processing and storage by Service Providers and Affiliates in connection with such purposes. In all situations, Sierra Oncology takes appropriate steps to ensure that your privacy is protected. Such steps include, but are not limited to, implementing privacy, security, and contractual controls, as required by applicable law.

If Personal Information are transferred outside of the European Economic Area (EEA) or the United Kingdom, we take appropriate safeguards to ensure that it remains protected in accordance with this Privacy Notice. Depending on purpose of processing and the relationship we have with you, your data may be transferred directly to us in accordance with the European Commission’s Standard Contractual Clauses (or for Personal Information protected by UK data protection laws, standard contractual clauses as approved by the competent UK authority) or it may initially be received by Sierra Oncology’s affiliate, and appointed data processor, Sierra Oncology Canada LLC.  Any onward transfers of data from Sierra Oncology Canada LLC to us, our other Affiliates or third-party service providers in the United States and around the world comply with applicable data protection law. 

Sierra Oncology has implemented the European Commission’s Standard Contractual Clauses for transfers of personal data to its Affiliates. You can obtain a copy of Sierra Oncology’s Standard Contractual Clauses from our external Data Protection Officer at DPO@sierraoncology.com. We have implemented similar appropriate safeguards with its service providers.  You can request further details from the external Data Protection Officer at DPO@sierraoncology.com.

 

Accountability for Onward Transfers

Sierra Oncology will obtain assurances from its Service Providers and Affiliates that they will safeguard Personal Information consistent with this Privacy Notice. Where Sierra Oncology has knowledge that a Service Provider or Affiliate is using or disclosing Personal Information in a manner contrary to this Privacy Notice, Sierra Oncology will take appropriate steps to prevent or stop the use or disclosure. If Sierra Oncology has received your personal information in the United States and subsequently transfers it to a third party acting as an agent, and such agent processes your personal information in a manner inconsistent with the Privacy Shield Principles, Sierra Oncology will remain responsible unless it can prove it is not responsible for the event giving rise to the damage.

 

Security

Sierra Oncology has implemented reasonable and appropriate physical, technical and managerial controls and safeguards to keep your Personal Information protected from unauthorized access, disclosure, alteration, and destruction. Such measures may include but are not limited to: the encryption of communications, encryption of information while it is in storage, firewalls, access controls, separation of duties, and similar security protocols. Unfortunately, no system is 100% secure, and we cannot ensure or warrant the security of any information you provide to us. We have taken appropriate safeguards to require that your Personal Information will remain protected and require our third-party service providers and partners to have appropriate safeguards as well. To the fullest extent permitted by applicable law, we do not accept liability for unauthorized disclosure.

By using our services or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our services, by mail or by sending an email to you.

 

Data Retention and Purpose Limitation

Sierra Oncology will use Personal Information as described in this Privacy Notice, only in ways that are compatible with the purposes for which it was collected, or consented to by the individual. This may include dispute resolution, establishing legal defenses, conducting audits, pursuing legitimate business purposes, enforcing our agreements, and complying with applicable laws. Sierra Oncology will have appropriate steps in place to ensure that Personal Information is relevant to its intended use, accurate, complete, and current.

Sierra Oncology will only store Personal Information for as long as it is needed to fulfil the purposes for which it was collected, subject to applicable data retention periods imposed upon Sierra Oncology by applicable law.   For more information about Sierra Oncology’s retention periods for Personal Information, please refer to the contact information section below.

 

Cookies and similar tracking technology used on our Website

Sierra Oncology uses cookies and similar tracking technology (collectively, “Cookies”). For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Cookie Notice.

 

Your Rights

In accordance with applicable law, you may have the right to: (i) request confirmation of whether we are processing your Personal Information; (ii) obtain access to or a copy of your Personal Information; (iii) receive an electronic copy of Personal Information that you have provided to us, or ask us to send that information to another company (the “right of data portability”); (iv) object to or restrict our uses of your Personal Information; (v) seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed Personal Information; and (vi) request erasure of Personal Information held about you by Sierra Oncology, subject to certain exceptions prescribed by law. If you would like to exercise any of these rights, please contact us at: DPO@sierraoncology.com.

We will process such requests in accordance with applicable laws. To protect your privacy, Sierra Oncology will take steps to verify your identity before fulfilling your request.
Any requests to opt-out of future communications from Sierra Oncology, or to opt-out of a particular Sierra Oncology program should be directed to Sierra Oncology by e-mail at DPO@sierraoncology.com.

If Sierra Oncology’s processing of your Personal Information is covered by EU or UK law, you may lodge a complaint with the corresponding data protection supervisory authority in your country of residence. You can find the relevant supervisory authority name and contact details for the EU under https://edpb.europa.eu/about-edpb/board/members_en or for the UK at https://ico.org.uk/global/contact-us/.

 

Supplemental Notice for California Residents

This Supplemental Notice for California Residents only applies to our processing of Personal Information that is subject to the California Consumer Privacy Act of 2018 (“CCPA”). The CCPA provides California residents with the right to know what categories of Personal Information Sierra Oncology has collected about them and whether Sierra Oncology disclosed that Personal Information for a business purpose (e.g., to a service provider) in the preceding 12 months. California residents can find this information below:

Category of Personal Information Collected by Sierra Oncology Category of Third Parties Information is Disclosed to for a Business Purpose

Identifiers.
A real name, postal address, Internet Protocol address, email address, account name, or other similar identifiers.

  • Government entities
  • Service providers
  • Clinical Research Organizations
  • Affiliates

Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
A name, signature, physical characteristics or description, address, telephone number, employment, employment history, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

  • Government entities
  • Service providers
  • Clinical Research Organizations
  • Affiliates

Protected classification characteristics under California or federal law
Age (40 years or older), race, color, ancestry, national origin, citizenship, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

  • Government entities
  • Service providers
  • Clinical Research Organizations
  • Affiliates

Commercial information
Records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

  • Service providers
  • Affiliates

Internet or other electronic network activity
Browsing history, search history, information on a consumer’s interaction with an internet website or application.

  • Service providers

Professional or employment-related information
Current or past job history or performance evaluations.

  • Service providers
  • Clinical Research Organizations
  • Affiliates

The categories of sources from which we collect Personal Information and our business and commercial purposes for using Personal Information are set forth above.

“Sales” of Personal Information under the CCPA

For purposes of the CCPA, Sierra Oncology does not “sell” Personal Information, nor do we have actual knowledge of any “sale” of Personal Information of minors under 16 years of age.

Additional Privacy Rights for California Residents

Non-Discrimination
California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.

Authorized Agent
Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Information. You may also make a verifiable consumer request on behalf of your minor child. To designate an authorized agent, please contact us as set forth below.

Verification
To protect your privacy, we will take the following steps to verify your identity before fulfilling your request. When you make a request, we will ask you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative, which may include your name, email address, phone number, or mailing address.

If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth below. We will process such requests in accordance with applicable laws.

Accessibility
This Privacy Notice uses industry-standard technologies and was developed in line with the World Wide Web Consortium’s Web Content Accessibility Guidelines, version 2.1. If you wish to print this policy, please do so from your web browser or by saving the page as a PDF.

 

Policy Toward Children using Sierra Oncology Websites

Sierra Oncology Websites are not directed to children under 16 (or other age as required by local laws) and we do not knowingly collect Personal Information from children. If Sierra Oncology learns that Personal Information of a child has been collected steps will be taken to delete such information from Sierra Oncology files as soon as possible.

 

Recourse, Enforcement and Liability

Individual Complaint
Individuals may contact Sierra Oncology regarding any question or complaint regarding the collection, processing, and/or transfer of their Personal Information by emailing DPO@sierraoncology.com. Sierra Oncology will promptly investigate and respond to complaints without delay and within the time limits prescribed by applicable laws. Sierra Oncology will attempt to resolve complaints, disputes and requests to revoke consent regarding collection, processing, transfer, and disclosure of Personal Information in accordance the principles contained in this Privacy Notice, and applicable law and the Principles.

Sierra Oncology will conduct periodic compliance audits of its relevant privacy practices to verify adherence to this Privacy Notice.

Independent Recourse Mechanism
If you have an unresolved Privacy Shield complaint that Sierra Oncology has not addressed satisfactorily, Sierra Oncology commits to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner, as applicable, and comply with the advice given by them in respect of the complaint.

Binding Arbitration
In the event that you cannot fully resolve your Privacy Shield complaint through the above mechanisms, it is possible that you may use binding arbitration as a final resort.
For more information on how to invoke arbitration under the Privacy Shield Framework, please visit https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

 

Third-Party Websites and Applications

The Website may contain links to other websites/applications and other websites/applications may reference or link to our services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing Personal Information to third-party websites or applications is at your own risk.

 

Contact Information

Any questions or concerns regarding handling of Personal Information by Sierra Oncology, or related to revocation of consent to collect, process, transfer, or disclose or your Personal Information should be directed by email to DPO@sierraoncology.com.

Alternatively, letters may be sent to the following address:
Sierra Oncology, Inc.
ATTN: Legal Department
46701 Commerce Center Drive, Plymouth, MI 48170

For the processing of Personal Information relating to the European Economic Area and UK, Sierra Oncology has appointed:

  • a Data Protection Officer, who you may contact at DPO@sierraoncology.com in case of any questions or concerns regarding the processing of your Personal Information; and
  • the DataRep Group as its data protection representative. DataRep may be contacted by email at: datarequest@datarep.com quoting “Sierra Oncology, Inc.” in the subject line.

All communications to Sierra Oncology should include the individual’s name and contact information (such as e-mail address, phone number, or mailing address), and a detailed explanation of the request. E-mail requests to delete, amend, or correct Personal Information should include “Deletion Request” or “Amendment/Correction Request,” as applicable, in the subject line of the e-mail. Sierra Oncology will endeavour to respond to all reasonable requests in a timely manner, and in any case, within any time limits prescribed by applicable law.

 

Changes To Sierra Oncology Privacy Notices

Sierra Oncology reserves the right to amend this Privacy Notice from time to time to reflect technological advancements, legal and regulatory changes, and Sierra Oncology’s business practices, subject to applicable laws. If Sierra Oncology changes its privacy practices, an updated version of this Privacy Notice will reflect those changes. Sierra Oncology will provide notice of such changes by updating the effective date listed on this Privacy Notice.

When Sierra Oncology updates its Privacy Notice, Sierra Oncology will take appropriate measures to inform you, consistent with the significance of the changes made. Sierra Oncology will obtain your authorization or consent to any material Privacy Notice changes where this is required by applicable data protection laws.

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.